From ae549e9a89f61a2cc006d4b77d9d352f7d82bea0 Mon Sep 17 00:00:00 2001 From: Julio Biason Date: Wed, 16 Apr 2014 11:49:48 -0300 Subject: [PATCH] make sure non-members cannot get the results --- tests/vote_tests.py | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/tests/vote_tests.py b/tests/vote_tests.py index 27e7617..3eef1d3 100644 --- a/tests/vote_tests.py +++ b/tests/vote_tests.py @@ -299,6 +299,17 @@ class TestVote(LunchoTests): self.assertTrue(data['closed']) # voting shouldn't be closed yet return + def test_get_results_not_member(self): + """Try to get the results of a group when the user is not a member.""" + group = self._group() + user = self.create_user(name='newUser', + create_token=True) + + rv = self.get('/vote/{group_id}/'.format(group_id=group.id), + token=user.token) + self.assertJsonError(rv, 403, 'User is not member of this group') + return + if __name__ == '__main__': unittest.main()